SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Wave

SurfingAttack exploits ultrasonic guided wave propagating through solid-material tables to attack voice control systems. By leveraging the unique properties of acoustic transmission in solid materials, we design a new attack called SurfingAttack that would enable multiple rounds of interactions between the voice-controlled device and the attacker over a longer distance and without the need to be in line-of-sight. By completing the interaction loop of inaudible sound attack, SurfingAttack enables new attack scenarios, such as hijacking a mobile Short Message Service (SMS) passcode, making ghost fraud calls without owners' knowledge, etc.

Read the Paper, Cite

@inproceedings{yan2020surfingattack,
    author = {Yan, Qiben and Liu, Kehai and Zhou, Qin and Guo, Hanqing and Zhang, Ning},
    title = {SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Wave},
    booktitle={Network and Distributed Systems Security (NDSS) Symposium},
    year = {2020},
}

Team

Features

SurfingAttack demonstration

Unnoticeable SurfingAttack in a realistic scenario

(SurfingAttack system including a metal sheet or a glass sheet with attack device is hidden under a tablecloth)

SurfingAttack on different phones



SurfingAttack on different functions



SurfingAttack under different scenarios

30ft long distance attack on a large Aluminum metal plate

SurfingAttack on metal plate with different thicknesses


SurfingAttack on glass plate with different thicknesses


SurfingAttack under other scenarios



Media Coverage

Scientific American, Science Daily, Futurity, BBC Radio, Forbes, Popular Mechanics, Inverse, Gizmodo, FastCompany, Hackster, Techworm, CISOMAG, Android Authority, ACM TechNews, Security Affairs, The Register, Extreme Tech, TechXplore, Apple Insider, MediaPost, NewsBreak, Techradar, Twitter #surfingattack, MSU Engineering, MSU Today, We live security, 钛媒体, 凤凰新闻, 新浪, 腾讯, 搜狐, cnbeta, 每日头条, ... ...